skills/mindfold-ai/trellis/check/Gen Agent Trust Hub

check

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill invokes a local Python script located at ./.trellis/scripts/get_context.py to identify package contexts. This execution path allows the agent to run code defined within the repository being audited.
  • [PROMPT_INJECTION]: The skill reads project guidelines from .trellis/spec/ files and instructs the agent to follow the rules found within those documents. This represents an indirect prompt injection surface where an attacker could place malicious instructions in the specification files to override agent behavior during the review process.
      • Ingestion points: .trellis/spec/<package>/<layer>/index.md via the cat command.
      • Boundary markers: None; the agent is directly instructed to follow the content of the external file.
      • Capability inventory: Local command execution (git, python3), file reading (cat), and codebase analysis.
      • Sanitization: No validation or sanitization is performed on the content of the spec files before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 26, 2026, 08:33 AM